nodejs-quickstart-structure 1.16.2 → 1.18.0

package/lib/modules/app-setup.js

@@ -73,7 +73,7 @@ export const renderErrorMiddleware = async (templatePath, targetDir, config) =>
     const specExt = language === 'TypeScript' ? 'ts' : 'js';
     const specTemplatePath = path.join(templatePath, '../../common/src/utils', `errorMiddleware.spec.${specExt}.ejs`);
     if (await fs.pathExists(specTemplatePath)) {
-        const testUtilsDir = path.join(targetDir, 'tests', 'utils');
+        const testUtilsDir = path.join(targetDir, 'tests', 'unit', 'utils');
         await fs.ensureDir(testUtilsDir);
         const specContent = ejs.render(await fs.readFile(specTemplatePath, 'utf-8'), config);
         await fs.writeFile(path.join(testUtilsDir, `errorMiddleware.spec.${specExt}`), specContent);
@@ -89,7 +89,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         const userControllerSpecName = language === 'TypeScript' ? 'userController.spec.ts' : 'userController.spec.js';
         
         const userControllerPath = path.join(targetDir, 'src/controllers', userControllerName);
-        const userControllerSpecPath = path.join(targetDir, 'tests/controllers', userControllerSpecName);
+        const userControllerSpecPath = path.join(targetDir, 'tests/unit/controllers', userControllerSpecName);
         
         const userControllerTemplate = path.join(templatePath, 'src/controllers', `${userControllerName}.ejs`);
         const userControllerSpecTemplate = path.join(templatePath, 'src/controllers', `${userControllerSpecName}.ejs`);
@@ -101,7 +101,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         }
         
         if (await fs.pathExists(userControllerSpecTemplate)) {
-            await fs.ensureDir(path.join(targetDir, 'tests/controllers'));
+            await fs.ensureDir(path.join(targetDir, 'tests/unit/controllers'));
             const content = ejs.render(await fs.readFile(userControllerSpecTemplate, 'utf-8'), { ...config });
             await fs.writeFile(userControllerSpecPath, content);
             await fs.remove(path.join(targetDir, 'src/controllers', `${userControllerSpecName}.ejs`));
@@ -113,7 +113,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         const repoSpecName = language === 'TypeScript' ? 'UserRepository.spec.ts' : 'UserRepository.spec.js';
         
         const repoPath = path.join(targetDir, 'src/infrastructure/repositories', repoName);
-        const repoSpecPath = path.join(targetDir, 'tests/infrastructure/repositories', repoSpecName);
+        const repoSpecPath = path.join(targetDir, 'tests/unit/infrastructure/repositories', repoSpecName);
         
         const repoTemplate = path.join(templatePath, 'src/infrastructure/repositories', `${repoName}.ejs`);
         const repoSpecTemplate = path.join(templatePath, 'src/infrastructure/repositories', `${repoSpecName}.ejs`);
@@ -124,7 +124,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
             await fs.remove(path.join(targetDir, 'src/infrastructure/repositories', `${repoName}.ejs`));
         }
         if (await fs.pathExists(repoSpecTemplate)) {
-            await fs.ensureDir(path.join(targetDir, 'tests/infrastructure/repositories'));
+            await fs.ensureDir(path.join(targetDir, 'tests/unit/infrastructure/repositories'));
             const content = ejs.render(await fs.readFile(repoSpecTemplate, 'utf-8'), { ...config });
             await fs.writeFile(repoSpecPath, content);
             await fs.remove(path.join(targetDir, 'src/infrastructure/repositories', `${repoSpecName}.ejs`));
@@ -134,7 +134,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         const controllerSpecName = language === 'TypeScript' ? 'userController.spec.ts' : 'userController.spec.js';
         
         const controllerPath = path.join(targetDir, 'src/interfaces/controllers', controllerName);
-        const controllerSpecPath = path.join(targetDir, 'tests/interfaces/controllers', controllerSpecName);
+        const controllerSpecPath = path.join(targetDir, 'tests/unit/interfaces/controllers', controllerSpecName);
         
         const controllerTemplate = path.join(templatePath, 'src/interfaces/controllers', `${controllerName}.ejs`);
         const controllerSpecTemplate = path.join(templatePath, 'src/interfaces/controllers', `${controllerSpecName}.ejs`);
@@ -146,7 +146,7 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         }
         
         if (await fs.pathExists(controllerSpecTemplate)) {
-            await fs.ensureDir(path.join(targetDir, 'tests/interfaces/controllers'));
+            await fs.ensureDir(path.join(targetDir, 'tests/unit/interfaces/controllers'));
             const content = ejs.render(await fs.readFile(controllerSpecTemplate, 'utf-8'), { ...config });
             await fs.writeFile(controllerSpecPath, content);
             await fs.remove(path.join(targetDir, 'src/interfaces/controllers', `${controllerSpecName}.ejs`));
@@ -191,9 +191,9 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         // Render health route spec template
         const healthSpecTemplatePath = path.join(templatePath, '../../common/health', healthExt, `healthRoute.spec.${healthExt}.ejs`);
         if (await fs.pathExists(healthSpecTemplatePath)) {
-            let testRouteDestDir = path.join(targetDir, 'tests', 'routes');
+            let testRouteDestDir = path.join(targetDir, 'tests', 'unit', 'routes');
             if (architecture === 'Clean Architecture') {
-                testRouteDestDir = path.join(targetDir, 'tests', 'interfaces', 'routes');
+                testRouteDestDir = path.join(targetDir, 'tests', 'unit', 'interfaces', 'routes');
             }
             await fs.ensureDir(testRouteDestDir);
             const specContent = ejs.render(await fs.readFile(healthSpecTemplatePath, 'utf-8'), config);
@@ -215,13 +215,40 @@ export const renderDynamicComponents = async (templatePath, targetDir, config) =
         // Render graceful shutdown spec template
         const shutdownSpecTemplatePath = path.join(templatePath, '../../common/shutdown', shutdownExt, `gracefulShutdown.spec.${shutdownExt}.ejs`);
         if (await fs.pathExists(shutdownSpecTemplatePath)) {
-            const testUtilsDestDir = path.join(targetDir, 'tests', 'utils');
+            const testUtilsDestDir = path.join(targetDir, 'tests', 'unit', 'utils');
             await fs.ensureDir(testUtilsDestDir);
             const specContent = ejs.render(await fs.readFile(shutdownSpecTemplatePath, 'utf-8'), config);
             await fs.writeFile(path.join(testUtilsDestDir, `gracefulShutdown.spec.${shutdownExt}`), specContent);
         }
     }
 
+    // Advanced E2E Testing Generation
+    const e2eExt = language === 'TypeScript' ? 'ts' : 'js';
+    const e2eTemplatePath = path.join(templatePath, '../../common/src/tests/e2e', `e2e.users.test.${e2eExt}.ejs`);
+
+    if (await fs.pathExists(e2eTemplatePath)) {
+        let e2eDestDir = path.join(targetDir, 'tests', 'e2e');
+        await fs.ensureDir(e2eDestDir);
+
+        const e2eContent = ejs.render(await fs.readFile(e2eTemplatePath, 'utf-8'), { ...config });
+        await fs.writeFile(path.join(e2eDestDir, `e2e.users.test.${e2eExt}`), e2eContent);
+    }
+
+    // E2E Test Orchestrator Generation
+    const e2eOrchestratorTemplatePath = path.join(templatePath, '../../common/scripts', 'run-e2e.js.ejs');
+    if (await fs.pathExists(e2eOrchestratorTemplatePath)) {
+        let scriptsDestDir = path.join(targetDir, 'scripts');
+        await fs.ensureDir(scriptsDestDir);
+
+        const orchestratorContent = ejs.render(await fs.readFile(e2eOrchestratorTemplatePath, 'utf-8'), { ...config });
+        await fs.writeFile(path.join(scriptsDestDir, 'run-e2e.js'), orchestratorContent);
+        
+        // Cleanup the raw ejs copy in target
+        if (await fs.pathExists(path.join(scriptsDestDir, 'run-e2e.js.ejs'))) {
+            await fs.remove(path.join(scriptsDestDir, 'run-e2e.js.ejs'));
+        }
+    }
+
     // GraphQL Setup
     if (config.communication === 'GraphQL') {
         const ext = language === 'TypeScript' ? 'ts' : 'js';
@@ -342,13 +369,23 @@ export const processAllTests = async (targetDir, config) => {
                 await processDir(itemPath);
             } else if (itemPath.endsWith('.spec.ts') || 
                 itemPath.endsWith('.spec.js') || 
+                itemPath.endsWith('.test.ts') || 
+                itemPath.endsWith('.test.js') || 
                 itemPath.endsWith('.spec.ts.ejs') || 
-                itemPath.endsWith('.spec.js.ejs')) {
+                itemPath.endsWith('.spec.js.ejs') || 
+                itemPath.endsWith('.test.ts.ejs') || 
+                itemPath.endsWith('.test.js.ejs')) {
                 const relativePath = path.relative(srcDir, itemPath);
 
                 const cleanRelativePath = relativePath.replace(/\.ejs$/, '');
 
-                const targetTestPath = path.join(testsDir, cleanRelativePath);
+                // Exclude e2e if it accidentally falls here, as it's processed separately
+                if (cleanRelativePath.includes('e2e')) {
+                    await fs.remove(itemPath);
+                    continue;
+                }
+
+                const targetTestPath = path.join(testsDir, 'unit', cleanRelativePath);
 
                 await fs.ensureDir(path.dirname(targetTestPath));
 

package/lib/modules/caching-setup.js

@@ -64,7 +64,7 @@ export const setupCaching = async (templatesDir, targetDir, config) => {
                 const specLoggerPath = architecture === 'Clean Architecture' ? '@/infrastructure/log/logger' : '@/utils/logger';
                 const specRedisPath = architecture === 'Clean Architecture' ? '@/infrastructure/caching/redisClient' : '@/config/redisClient';
                 const specContent = ejs.render(specTemplate, { ...config, loggerPath: specLoggerPath, redisClientPath: specRedisPath });
-                const specTarget = cacheTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
+                const specTarget = cacheTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}unit${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
                 await fs.ensureDir(path.dirname(specTarget));
                 await fs.writeFile(specTarget, specContent);
             }

package/lib/modules/config-files.js

@@ -47,6 +47,25 @@ export const renderProfessionalConfig = async (templatesDir, targetDir, config)
     const jestTemplate = await fs.readFile(path.join(templatesDir, 'common', 'jest.config.js.ejs'), 'utf-8');
     const jestContent = ejs.render(jestTemplate, { ...config });
     await fs.writeFile(path.join(targetDir, 'jest.config.js'), jestContent);
+    
+    // E2E Config
+    const jestE2eTemplate = await fs.readFile(path.join(templatesDir, 'common', 'jest.e2e.config.js.ejs'), 'utf-8');
+    const jestE2eContent = ejs.render(jestE2eTemplate, { ...config });
+    await fs.writeFile(path.join(targetDir, 'jest.e2e.config.js'), jestE2eContent);
+
+    // 1. Setup Husky pre-commit (Always for Professional Standard)
+    const huskyDir = path.join(targetDir, '.husky');
+    await fs.ensureDir(huskyDir);
+    await fs.copy(path.join(templatesDir, 'common', '_husky', 'pre-commit'), path.join(huskyDir, 'pre-commit'));
+
+    // 2. Enterprise Security Hardening (Optional)
+    if (config.includeSecurity) {
+        await fs.copy(path.join(templatesDir, 'common', 'SECURITY.md'), path.join(targetDir, 'SECURITY.md'));
+        
+        const sonarTemplate = await fs.readFile(path.join(templatesDir, 'common', 'sonar-project.properties.ejs'), 'utf-8');
+        const sonarContent = ejs.render(sonarTemplate, { ...config });
+        await fs.writeFile(path.join(targetDir, 'sonar-project.properties'), sonarContent);
+    }
 };
 
 export const renderAiNativeFiles = async (templatesDir, targetDir, config) => {
@@ -75,10 +94,20 @@ export const renderAiNativeFiles = async (templatesDir, targetDir, config) => {
 };
 
 export const setupCiCd = async (templatesDir, targetDir, config) => {
-    const { ciProvider } = config;
+    const { ciProvider, includeSecurity } = config;
     if (ciProvider === 'GitHub Actions') {
-        await fs.ensureDir(path.join(targetDir, '.github/workflows'));
-        await fs.copy(path.join(templatesDir, 'common', '_github/workflows/ci.yml'), path.join(targetDir, '.github/workflows/ci.yml'));
+        const workflowsDir = path.join(targetDir, '.github/workflows');
+        await fs.ensureDir(workflowsDir);
+        
+        const ciTemplate = await fs.readFile(path.join(templatesDir, 'common', '_github/workflows/ci.yml.ejs'), 'utf-8');
+        const ciContent = ejs.render(ciTemplate, { ...config });
+        await fs.writeFile(path.join(workflowsDir, 'ci.yml'), ciContent);
+        
+        if (includeSecurity) {
+            const securityTemplate = await fs.readFile(path.join(templatesDir, 'common', '_github/workflows/security.yml.ejs'), 'utf-8');
+            const securityContent = ejs.render(securityTemplate, { ...config });
+            await fs.writeFile(path.join(workflowsDir, 'security.yml'), securityContent);
+        }
     } else if (ciProvider === 'Jenkins') {
         const jenkinsTemplate = await fs.readFile(path.join(templatesDir, 'common', 'Jenkinsfile.ejs'), 'utf-8');
         const jenkinsContent = ejs.render(jenkinsTemplate, { ...config });

package/lib/modules/database-setup.js

@@ -67,7 +67,7 @@ export const setupDatabase = async (templatesDir, targetDir, config) => {
             if (await fs.pathExists(specTemplateSource)) {
                 const specTemplate = await fs.readFile(specTemplateSource, 'utf-8');
                 const specContent = ejs.render(specTemplate, { ...config });
-                const specTarget = dbConfigTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
+                const specTarget = dbConfigTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}unit${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
                 await fs.ensureDir(path.dirname(specTarget));
                 await fs.writeFile(specTarget, specContent);
             }
@@ -108,7 +108,7 @@ export const generateModels = async (templatesDir, targetDir, config) => {
         if (await fs.pathExists(modelSpecTemplateSource)) {
             const modelSpecTemplate = await fs.readFile(modelSpecTemplateSource, 'utf-8');
             const modelSpecContent = ejs.render(modelSpecTemplate, { ...config });
-            const modelSpecTarget = modelTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
+            const modelSpecTarget = modelTarget.replace(`${path.sep}src${path.sep}`, `${path.sep}tests${path.sep}unit${path.sep}`).replace(`.${langExt}`, `.spec.${langExt}`);
             await fs.ensureDir(path.dirname(modelSpecTarget));
             await fs.writeFile(modelSpecTarget, modelSpecContent);
         }

package/lib/modules/kafka-setup.js

@@ -63,9 +63,9 @@ export const setupKafka = async (templatesDir, targetDir, config) => {
         const specContent = ejs.render(await fs.readFile(kafkaConfigSpecTemplate, 'utf-8'), { ...config });
         let specTarget;
         if (architecture === 'MVC') {
-            specTarget = path.join(targetDir, 'tests', 'config', kafkaConfigSpecFileName);
+            specTarget = path.join(targetDir, 'tests', 'unit', 'config', kafkaConfigSpecFileName);
         } else {
-            specTarget = path.join(targetDir, 'tests', 'infrastructure', 'config', kafkaConfigSpecFileName);
+            specTarget = path.join(targetDir, 'tests', 'unit', 'infrastructure', 'config', kafkaConfigSpecFileName);
         }
         await fs.ensureDir(path.dirname(specTarget));
         await fs.writeFile(specTarget, specContent);
@@ -79,7 +79,7 @@ export const setupKafka = async (templatesDir, targetDir, config) => {
     if (architecture === 'Clean Architecture') {
         // Clean Architecture Restructuring
         await fs.ensureDir(path.join(targetDir, 'src/infrastructure/messaging'));
-        await fs.ensureDir(path.join(targetDir, 'tests/infrastructure/messaging'));
+        await fs.ensureDir(path.join(targetDir, 'tests/unit/infrastructure/messaging'));
         await fs.ensureDir(path.join(targetDir, 'src/infrastructure/config'));
 
         const serviceExt = language === 'TypeScript' ? 'ts' : 'js';
@@ -93,7 +93,7 @@ export const setupKafka = async (templatesDir, targetDir, config) => {
         if (await fs.pathExists(path.join(targetDir, `src/services/kafkaService.spec.${serviceExt}`))) {
             await fs.move(
                 path.join(targetDir, `src/services/kafkaService.spec.${serviceExt}`),
-                path.join(targetDir, `tests/infrastructure/messaging/kafkaClient.spec.${serviceExt}`),
+                path.join(targetDir, `tests/unit/infrastructure/messaging/kafkaClient.spec.${serviceExt}`),
                 { overwrite: true }
             );
         }
@@ -131,7 +131,7 @@ export const setupKafka = async (templatesDir, targetDir, config) => {
             const specTemplateSource = path.join(templatesDir, 'common', 'kafka', langExt, 'messaging', `${t.src}.spec.${langExt}.ejs`);
             if (await fs.pathExists(specTemplateSource)) {
                 const specContent = ejs.render(await fs.readFile(specTemplateSource, 'utf-8'), { ...config, loggerPath });
-                const specDest = path.join(targetDir, 'tests', `${t.dest}.spec.${langExt}`);
+                const specDest = path.join(targetDir, 'tests', 'unit', `${t.dest}.spec.${langExt}`);
                 await fs.ensureDir(path.dirname(specDest));
                 await fs.writeFile(specDest, specContent);
             }
@@ -162,17 +162,17 @@ export const setupKafka = async (templatesDir, targetDir, config) => {
             const specTemplateSource = path.join(templatesDir, 'common', 'kafka', langExt, 'messaging', `${t.src}.spec.${langExt}.ejs`);
             if (await fs.pathExists(specTemplateSource)) {
                 const specContent = ejs.render(await fs.readFile(specTemplateSource, 'utf-8'), { ...config, loggerPath });
-                const specDest = path.join(targetDir, 'tests', `${t.dest}.spec.${langExt}`);
+                const specDest = path.join(targetDir, 'tests', 'unit', `${t.dest}.spec.${langExt}`);
                 await fs.ensureDir(path.dirname(specDest));
                 await fs.writeFile(specDest, specContent);
             }
         }
 
         if (await fs.pathExists(path.join(targetDir, `src/services/kafkaService.spec.${serviceExt}`))) {
-            await fs.ensureDir(path.join(targetDir, 'tests/services'));
+            await fs.ensureDir(path.join(targetDir, 'tests/unit/services'));
             await fs.move(
                 path.join(targetDir, `src/services/kafkaService.spec.${serviceExt}`),
-                path.join(targetDir, `tests/services/kafkaService.spec.${serviceExt}`),
+                path.join(targetDir, `tests/unit/services/kafkaService.spec.${serviceExt}`),
                 { overwrite: true }
             );
         }

package/lib/prompts.js

@@ -77,9 +77,24 @@ export const getProjectDetails = async (options = {}) => {
             choices: ['None', 'GitHub Actions', 'Jenkins', 'GitLab CI'],
             default: 'None',
             when: !options.ciProvider
+        },
+        {
+            type: 'select',
+            name: 'includeSecurity',
+            message: 'Include Enterprise Security Hardening (Big Tech Standard: Snyk, SonarQube)?',
+            choices: ['No', 'Yes'],
+            default: "No",
+            when: (answers) => !options.includeSecurity && (options.ciProvider || answers.ciProvider) !== 'None'
         }
     ];
 
     const answers = await inquirer.prompt(questions);
-    return { ...options, ...answers };
+    const result = { ...options, ...answers };
+
+    // Normalize includeSecurity to boolean if it's a string from the select prompt
+    if (typeof result.includeSecurity === 'string') {
+        result.includeSecurity = result.includeSecurity === 'Yes';
+    }
+
+    return result;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-quickstart-structure",
-  "version": "1.16.2",
+  "version": "1.18.0",
   "type": "module",
   "description": "The ultimate nodejs quickstart structure CLI to scaffold Node.js microservices with MVC or Clean Architecture",
   "main": "bin/index.js",
@@ -12,7 +12,12 @@
     "test:e2e": "npm run test:e2e:windows",
     "test:e2e:windows": "node scripts/validate-windows.js",
     "test:e2e:linux": "node scripts/validate-linux.js",
-    "test:verify:mongo": "node scripts/verify-migration.js"
+    "test:verify:mongo": "node scripts/verify-migration.js",
+    "docs:dev": "vitepress dev docs",
+    "docs:build": "vitepress build docs",
+    "docs:preview": "vitepress preview docs",
+    "security:check": "npm audit && npm run snyk:test",
+    "snyk:test": "snyk test"
   },
   "keywords": [
     "nodejs",
@@ -45,6 +50,13 @@
     "fs-extra": "^11.3.0",
     "inquirer": "^13.3.2"
   },
+  "overrides": {
+    "esbuild": "^0.25.0"
+  },
+  "devDependencies": {
+    "snyk": "^1.1303.2",
+    "vitepress": "^1.0.0-rc.45"
+  },
   "files": [
     "bin",
     "lib",

package/templates/clean-architecture/ts/src/index.ts.ejs

@@ -1,3 +1,4 @@
+import { env } from '@/config/env';
 import express from 'express';
 import cors from 'cors';
 import helmet from 'helmet';
@@ -23,8 +24,6 @@ import { typeDefs, resolvers } from '@/interfaces/graphql';
 import { gqlContext, MyContext } from '@/interfaces/graphql/context';
 <%_ } -%>
 
-import { env } from '@/config/env';
-
 const app = express();
 const port = env.PORT;
 

package/templates/common/.cursorrules.ejs

@@ -20,7 +20,7 @@ When indexing or searching the workspace, ignore the following paths to prevent
 
 ### 1. Testing First
 - Every new service or controller method MUST have a test file in `tests/`.
-- **Coverage Gate**: Aim for > 70% coverage (Statement/Line/Function/Branch).
+- **Coverage Gate**: Aim for > 80% coverage (Statement/Line/Function/Branch).
 - **Format**: Use Jest with the AAA (Arrange, Act, Assert) pattern.
 - **Isolation**: Mock external dependencies (DB, Redis, etc.) using `jest.mock()`.
 

package/templates/common/.env.example.ejs

@@ -28,7 +28,7 @@ DB_NAME=<%= dbName %>
 
 <%_ if (communication === 'Kafka') { -%>
 # Communication
-KAFKA_BROKER=localhost:9092
+KAFKA_BROKER=localhost:9093
 KAFKA_CLIENT_ID=<%= projectName %>
 KAFKA_GROUP_ID=<%= projectName %>-group
 <%_ } -%>

package/templates/common/.gitlab-ci.yml.ejs

@@ -4,6 +4,10 @@ variables:
 stages:
   - lint
   - test
+<% if (includeSecurity) { %>
+  - security
+  - quality
+<% } %>
   - build
 
 cache:
@@ -12,22 +16,69 @@ cache:
 
 install_dependencies:
   stage: .pre
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm ci
 
 lint_code:
   stage: lint
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm run lint
 
-run_tests:
+run_unit_tests:
   stage: test
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm run test:coverage
 
+run_e2e_tests:
+  stage: test
+  image: docker:20.10.16
+  services:
+    - docker:20.10.16-dind
+  script:
+    - apk add --no-cache nodejs npm docker-compose
+    - npm ci
+    - npm run test:e2e
+<% if (includeSecurity) { %>
+snyk_scan:
+  stage: security
+  image: node:22-alpine
+  script:
+    - npm ci
+    - npm run snyk:test
+  only:
+    - main
+
+snyk_container_scan:
+  stage: security
+  image: docker:20.10.16
+  services:
+    - docker:20.10.16-dind
+  script:
+    - apk add --no-cache nodejs npm
+    - npm install -g snyk
+    - docker build -t <%= projectName %>:latest .
+    - snyk container test <%= projectName %>:latest --file=Dockerfile --severity-threshold=high --skip-unused-projects
+
+sonarqube_check:
+  stage: quality
+  image: 
+    name: sonarsource/sonar-scanner-cli:latest
+    entrypoint: [""]
+  variables:
+    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
+    GIT_DEPTH: "0"
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - .sonar/cache
+  script:
+    - sonar-scanner
+  only:
+    - main
+<% } %>
 build_app:
   stage: build
   image: node:22-alpine

package/templates/common/Dockerfile

@@ -1,7 +1,12 @@
 # ==========================================
 # Stage 1: Builder
 # ==========================================
-FROM node:22-alpine AS builder
+FROM node:22.22.2-trixie-slim AS builder
+
+# Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 ENV NPM_CONFIG_UPDATE_NOTIFIER=false
@@ -20,7 +25,12 @@ COPY . .
 # ==========================================
 # Stage 2: Production
 # ==========================================
-FROM node:22-alpine AS production
+FROM node:22.22.2-trixie-slim AS production
+
+# Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 

package/templates/common/Jenkinsfile.ejs

@@ -19,35 +19,46 @@ pipeline {
             }
         }
 
-        stage('Test') {
+        stage('Unit Test') {
             steps {
                 sh 'npm run test:coverage'
             }
         }
 
-        // stage('Build') {
-        //     steps {
-        //         sh 'npm run build'
-        //     }
-        // }
+        stage('E2E Test') {
+            steps {
+                sh 'npm run test:e2e'
+            }
+        }
 
-        // stage('SonarQube Analysis') {
-        //     environment {
-        //         scannerHome = tool 'SonarScanner'
-        //     }
-        //     steps {
-        //         withSonarQubeEnv('SonarQube') {
-        //             sh "${scannerHome}/bin/sonar-scanner"
-        //         }
-        //     }
-        // }
+<% if (includeSecurity) { %>
+        stage('SonarQube Analysis') {
+            environment {
+                scannerHome = tool 'SonarScanner'
+            }
+            steps {
+                withSonarQubeEnv('SonarQube') {
+                    sh "${scannerHome}/bin/sonar-scanner"
+                }
+            }
+        }
 
-        // stage('Security Scan') {
-        //     steps {
-        //         sh 'npm audit --audit-level=high'
-        //     }
-        // }
+        stage('Security Scan') {
+            steps {
+                sh 'npm audit --audit-level=high'
+                sh 'npm run snyk:test'
+            }
+        }
 
+        stage('Snyk Container Scan') {
+            steps {
+                script {
+                    sh 'docker build -t <%= projectName %>:latest .'
+                    sh 'snyk container test <%= projectName %>:latest --file=Dockerfile --severity-threshold=high --skip-unused-projects'
+                }
+            }
+        }
+<% } %>
         // stage('Docker Build & Push') {
         //     steps {
         //         script {

package/templates/common/README.md.ejs

@@ -3,6 +3,10 @@
 ![Node.js](https://img.shields.io/badge/Node.js-18%2B-green.svg)
 ![License](https://img.shields.io/badge/License-ISC-blue.svg)
 <% if (language === 'TypeScript') { %>![TypeScript](https://img.shields.io/badge/Language-TypeScript-blue.svg)<% } else { %>![JavaScript](https://img.shields.io/badge/Language-JavaScript-yellow.svg)<% } %>
+<% if (includeSecurity) { %>
+[![Snyk Vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/yourusername/<%= projectName %>?style=flat-square)](https://snyk.io/)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<%= projectName %>&metric=alert_status)](https://sonarcloud.io/)
+<% } %>
 
 A production-ready Node.js microservice generated with **<%= architecture %>** and **<%= database %>**.
 This project comes pre-configured with industry-standard tooling for **Code Quality**, **Testing**, and **Security**.
@@ -15,6 +19,7 @@ This project comes pre-configured with industry-standard tooling for **Code Qual
 -   **Quality**: Eslint, Prettier, Husky, Lint-Staged.
 -   **Testing**: Jest (Unit & Integration).
 -   **DevOps**: Multi-stage Docker build, CI/CD ready.
+<% if (includeSecurity) { %>-   **Enterprise Security**: Snyk SCA, SonarCloud SAST.<% } %>
 
 ## 🔄 CI/CD Pipeline
 <%_ if (ciProvider === 'GitHub Actions') { -%>
@@ -49,19 +54,20 @@ CI/CD is not currently configured, but the project is ready for integration.
 
 ### 2. Quick Start
 ```bash
-# Initialize Git (Required for Husky)
+# Initialize Git (Mandatory for Husky hooks)
 git init
 
 # Install dependencies
 npm install
 
-# Setup Git Hooks (Husky)
-npm run prepare
+# Troubleshooting Husky (if skip git init)
+# npx husky install
 
 # Start Infrastructure (DB, etc.)
 docker-compose up -d
 
 # Run Development Server
+docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>
 npm run dev
 ```
 
@@ -124,7 +130,7 @@ This project demonstrates a production-ready Kafka flow:
 2. **Consumer**: `WelcomeEmailConsumer` listens to `user-topic` and simulates sending an email.
 
 ### How to verify:
-1. Ensure infrastructure is running: `docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> zookeeper kafka<% } %>`
+1. Ensure infrastructure is running: `docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>`
 2. Start the app: `npm run dev`
 3. Trigger an event by creating a user (via Postman or curl):
    ```bash
@@ -167,7 +173,7 @@ To run the Node.js application locally while using Docker for the infrastructure
 
 ```bash
 # Start infrastructure
-docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> zookeeper kafka<% } %>
+docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>
 
 # Start the application
 npm run dev
@@ -215,7 +221,7 @@ npm install
 2. **Start Infrastructure (DB, Redis, Kafka, etc.) in the background**
 *(This specifically starts the background services without running the application inside Docker, allowing PM2 to handle it).*
 ```bash
-docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> zookeeper kafka<% } %>
+docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>
 ```
 3. **Wait 5-10s** for the database to fully initialize.
 4. **Deploy the App using PM2 in Cluster Mode**
@@ -241,13 +247,17 @@ docker-compose down
 -   **CORS**: Configured for cross-origin requests.
 -   **Rate Limiting**: Protects against DDoS / Brute-force.
 -   **HPP**: Prevents HTTP Parameter Pollution attacks.
-
-
+<% if (includeSecurity) { %>
+### 🛡️ Enterprise Hardening (Big Tech Standard)
+-   **Snyk SCA**: Automated dependency vulnerability scanning.
+-   **SonarCloud**: Deep static analysis for code quality and security hotspots.
+-   **Security Policy**: Standard `SECURITY.md` for vulnerability reporting.
+<% } %>
 ## 🤖 AI-Native Development
 
 This project is "AI-Ready" out of the box. We have pre-configured industry-leading AI context files to bridge the gap between "Generated Code" and "AI-Assisted Development."
 
 - **Magic Defaults**: We've automatically tailored your AI context to focus on **<%= projectName %>** and its specific architectural stack (<%= architecture %>, <%= database %>, etc.).
-- **Use Cursor?** We've configured **`.cursorrules`** at the root. It enforces project standards (70% coverage, MVC/Clean) directly within the editor. 
+- **Use Cursor?** We've configured **`.cursorrules`** at the root. It enforces project standards (80% coverage, MVC/Clean) directly within the editor. 
   - *Pro-tip*: You can customize the `Project Goal` placeholder in `.cursorrules` to help the AI understand your specific business logic!
 - **Use ChatGPT/Gemini/Claude?** Check the **`prompts/`** directory. It contains highly-specialized Agent Skill templates. You can copy-paste these into any LLM to give it a "Senior Developer" understanding of your codebase immediately.